Skip to main content
CVE-2024-31839 MEDIUM POC This Month

Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allows a remote attacker to escalate privileges via the sendCommandHandler function in the handler.go component. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

XSS Chaos
NVD GitHub
CVSS 3.1
4.8
EPSS
8.1%
CVE-2024-29461 MEDIUM POC This Month

An issue in Floodlight SDN OpenFlow Controller v.1.2 allows a remote attacker to cause a denial of service via the datapath id component. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Open Sdn Controller
NVD GitHub
CVSS 3.1
6.3
EPSS
0.5%
CVE-2024-22734 MEDIUM POC This Month

An issue was discovered in AMCS Group Trux Waste Management Software before version 7.19.0018.26912, allows local attackers to obtain sensitive information via a static, hard-coded AES Key-IV pair in. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Trux Waste Management
NVD
CVSS 3.1
6.2
EPSS
0.7%
CVE-2024-30845 MEDIUM POC This Month

Cross Site Scripting vulnerability in Rainbow external link network disk v.5.5 allows a remote attacker to execute arbitrary code via the validation component of the input parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection XSS RCE Rainbow External Link Network Disk
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-3695 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Computer Laboratory Management System 1.0 and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Computer Laboratory Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-3092 MEDIUM POC This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-2279 MEDIUM POC This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 to 16.8.6 all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-30390 MEDIUM This Month

An Improper Restriction of Excessive Authentication Attempts vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a limited Denial of Service. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Os Evolved
NVD
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-30389 MEDIUM This Month

An Incorrect Behavior Order vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows an unauthenticated, network-based attacker to cause an integrity. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Juniper Junos
NVD
CVSS 4.0
6.9
EPSS
0.4%
CVE-2024-30410 MEDIUM This Month

An Incorrect Behavior Order in the routing engine (RE) of Juniper Networks Junos OS on EX4300 Series allows traffic intended to the device to reach the RE instead of being discarded when the discard. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Juniper Junos
NVD
CVSS 4.0
6.9
EPSS
0.4%
CVE-2024-30409 MEDIUM This Month

An Improper Check for Unusual or Exceptional Conditions vulnerability in telemetry processing of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated attacker to cause. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-30384 MEDIUM This Month

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows a locally authenticated attacker with. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 4.0
6.8
EPSS
0.2%
CVE-2024-27261 MEDIUM This Month

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.2 could allow a privileged user to install a potentially dangerous tar file, which could give them access to subsequent systems where the. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Storage Defender Resiliency Service
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2024-30406 MEDIUM This Month

A Cleartext Storage in a File on Disk vulnerability in Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on network devices allows. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Juniper Paragon Active Assurance Test Agent Junos Os Evolved
NVD
CVSS 4.0
6.7
EPSS
0.1%
CVE-2024-0157 MEDIUM This Month

Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session Fixation Vulnerability in SRM Windows Host Agent. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Dell Denial Of Service Microsoft Storage Monitoring And Reporting Storage Resource Manager
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-31391 MEDIUM PATCH This Month

Insertion of Sensitive Information into Log File vulnerability in the Apache Solr Operator.3.0 through 0.8.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Kubernetes Solr Operator
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-2801 MEDIUM This Month

The Shopkeeper Extender plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'image_slide' shortcode in all versions up to, and including, 3.6 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-2137 MEDIUM This Month

The All-in-One Addons for Elementor - WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple pricing widgets (e.g. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS All In One Addons For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-31272 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Repute InfoSystems ARForms Form Builder.6.1. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Arforms Form Builder
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-31462 MEDIUM This Month

stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Microsoft
NVD GitHub
CVSS 3.1
6.3
EPSS
0.7%
CVE-2024-30391 MEDIUM This Month

A Missing Authentication for Critical Function vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Juniper Junos
NVD
CVSS 4.0
6.3
EPSS
0.4%
CVE-2024-3688 MEDIUM This Month

A vulnerability was found in Xiamen Four-Faith RMP Router Management Platform 5.2.2. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-2397 MEDIUM This Month

Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLT_PPP_SERIAL .pcap savefile. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
6.2
EPSS
0.3%
CVE-2024-22359 MEDIUM This Month

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 are vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Devops Deploy Urbancode Deploy
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-40211 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GiveWP allows Stored XSS.25.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Givewp
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-3689 MEDIUM This Month

A vulnerability classified as problematic has been found in Zhejiang Land Zongheng Network Technology O2OA up to 20240403. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure O2oa
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.9%
CVE-2024-22526 MEDIUM This Month

Buffer Overflow vulnerability in bandisoft bandiview v7.0, allows local attackers to cause a denial of service (DoS) via exr image file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Bandiview
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-31301 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Multiple Page Generator Plugin - MPG.4.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Multiple Page Generator
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-31238 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Zaytech Smart Online Order for Clover.5.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Smart Online Order For Clover
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-31279 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Catch Plugins Generate Child Theme.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-31263 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in aerin Loan Repayment Calculator and Application Form.9.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-31262 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Jcodex WooCommerce Checkout Field Editor (Checkout Manager).1.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2024-22357 MEDIUM This Month

IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Sterling B2b Integrator
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-52211 MEDIUM This Month

Missing Authorization vulnerability in Automattic WP Job Manager.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-21610 MEDIUM This Month

An Improper Handling of Exceptional Conditions vulnerability in the Class of Service daemon (cosd) of Juniper Networks Junos OS allows an authenticated, network-based attacker with low privileges to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-3707 MEDIUM This Month

Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Opengnsys
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-30614 MEDIUM This Month

An issue in Ametys CMS v4.5.0 and before allows attackers to obtain sensitive information via exposed resources to the error scope. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ametys
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-21615 MEDIUM This Month

An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to access confidential information on the system. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Juniper Junos Junos Os Evolved
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2024-22334 MEDIUM This Month

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 could be vulnerable to incomplete revocation. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Devops Deploy Urbancode Deploy
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2023-51499 MEDIUM This Month

Missing Authorization vulnerability in WooCommerce WooCommerce Shipping Per Product.5.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-31363 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in LifterLMS.5.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Lifterlms
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-31268 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in AppPresser Team AppPresser.3.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Apppresser
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-31364 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in ELEXtensions ELEX WooCommerce Dynamic Pricing and Discounts.1.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-31293 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downloads.2.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Easy Digital Downloads
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-31362 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Metagauss ProfileGrid.7.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Profilegrid
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-31269 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Google Maps.11.11. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF Easy Google Maps
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-31303 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign-up Sheets sign-up-sheets.2.11.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-31271 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Ultimate Maps by Supsystic.2.16. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-31250 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Saumya Majumder WP Server Health Stats.7.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-31235 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WebToffee WordPress Comments Import & Export.3.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy